I have a few multi-tenant application on AAD App which requests access to Mail, Calendar, Contacts and Tasks . The apps works successfully for a few years without any issue, but last few days started to get error :
"AADSTS650051: Application 'CLIENT_ID' is requesting permissions that are either invalid or out of date"
All of them !!! Without anything that changed in apps permissions settings. So, new domains can't now install those apps.
Remove app from the installed domain and install it again, doesn't helps.
Please advise.
Thanks
Well, found an issue - two permissions, one of them is Deprecated_ThreatIntelligence.Read, was not able to remove it, when tried to remove got ok, but permission was there again. After talking with MS support (paid support, after 48 hours of phone and email conversations) got nothing from them expect :
I would like to inform you that I have reached out to my peer
engineers with all this information and waiting for their suggestion
to proceed with further investigation on it.
I would request you to allow me sometime so that I can discuss with my
peer engineers and get back to you with an update on it.
Had no choice and needed to solve this quick as possible, found a way to remove , downloaded manifest (it'a app configuration JSON), removed problematic permission (not an easy task, as there's only guids) and uploaded manifest again. Issue solved.
Shame on microsoft support !!!! One of the useless paid support I ever saw. Can't do anything except waiting for feedback from engineers. This issue supposed to be fixed by support within 5-10 minutes, once they have request id and correlation id, but they didn't find a solution up till now. And shame on Microsoft, lost customers for last 10 days, due to their weird bugs.
The problem is exactly as described in the error message. Credentials for your app has expired.
Go to Azure AD -> App registration -> Your app -> Create new key
This deprecation warning has been in the documentation for a while. The removal of the scope just happened within last couple months.
https://learn.microsoft.com/en-us/office/office-365-management-api/get-started-with-office-365-management-apis#specify-the-permissions-your-app-requires-to-access-the-office-365-management-apis
Paragraph 3.
Related
I have a Azure App Service app that I'm trying to get deployed.
Today I ran into an issue where .NET informed me (via the yellow screen of death when I browse to the URL of my app) that I had a missing DLL (for the purposes of this question I don't think it really matters).
I used FileZilla to publish my changes in an attempt to do a manual deployment first and then work my way to automate it.
After so many attempts to fix it I later realized that the error message never changed. I did something more severe and renamed my bin folder into something completely different and the exact same error message would appear.
I've stopped the service, restarted it, and as mentioned, renamed folders, etc. and still the exact same error message persisted.
I also decided to open up the Azure Portal Console for my App Service app to browse a bit and to my amazement, nothing seemed to have reflected at all. The FTP shows one thing and the Console shows another.
Would anyone have any idea as to why this is happening?
I eventually got it to work and I will share what I tried.
I deleted the web app and created it again (I found this to be important the first time around). This was quite time consuming and did help but it wasn't long before the same problem happened again.
Then I finally found a solution that seems to give me consistent results:
I kept on editing the Web.config which seems to force a recompile and clear some sort of cache. So each time the web app stopped updating, I would make a slight change in the Web.config, upload it via FTP and the app finally updates.
If anyone has any more details on this, it would be greatly appreciated.
Revisiting a project I've not opened for a month or so I've found that the sandbox account I previously set up cant be accessed, visiting;
http://admin.wechat.com/debug/cgi-bin/sandbox?t=sandbox/login
Allows me to log in via. the scanning of the QR code but after (seemingly) managing to log in it then gives the error 'Unable to initialize'
Previously this worked I'm wondering if there's been an unpublicised change to the WeChat platform?
So I've not been able to figure out if/why the wechat.com sandbox service has stopped working and if I'm an isolated case or it is a common problem
I did discover that the Weixin sandbox service on https://mp.weixin.qq.com/debug/cgi-bin/sandbox allows me to log in / access the same test app tied to my WeChat account so for others having issues the answer may be to use;
https://mp.weixin.qq.com/debug/cgi-bin/sandbox?t=sandbox/login
Same here! The International sandbox is not letting me in, but the Weixin one works.
I have API Connect installed with mongodb connector over a remote server.
When I access the IBM API Connect through browser, all is fine, but when I go to DataSources where my DB is, and try to hit Update Schema button as shown in the image, an error occurs showing this:
Cannot GET /apim/dataSources/partials/dataSourceMigrate.html
P.S. I gave full permission for my project directory (/var/www/) with full ownership for www-data group and still the same.
Anyhelp would be appreciated.
FINALLY AND AFTER 2 MONTHS OF WAITING, I've got an answer from IBM Bluemix Support and sorry to bring the bad news, which is the following:
Hi Ghassan,
Thanks for sending the additional files. I checked with our development team and they found a bug in the code.
The fix will be available in a future release of the apic command line, but I don't have a date for it yet.
I will further discuss the plans to release this fix and will update you as soon as possible.
IBM Bluemix Developer Support and Enablement Team
A fix has been provided for this issue in iFix versions of 5.0.3.0, 5.0.4.0 as well as newer versions of API Connect. If you are still experiencing this issue, please update to a later version that includes the fix.
This just started happening today after I got a message from xcode to agree to new t&c's.
I can't put anything on the device, on any of my computers.
Doesn't work on my macbook, doesn't work on my mac mini, doens't work with existing projects that worked fine until yesterday, doesn't even work with completely new projects.
I constantly get the message:
writeDictToFile:1241 open failed for
/Users/georgecook/Desktop/test/iOS/obj/iPhone/Debug/mtouch-cache/install-shadow-directory/339bee33bc83c8e05fbd004dcc732c0b/20715d40747e047ba8a4ce4c1d2672ef90161df5/ManifestCache.plist
: No such file or directory MDMCacheDirectoryManifest:1315
writeDictToFile failed to write to
/Users/georgecook/Desktop/test/iOS/obj/iPhone/Debug/mtouch-cache/install-shadow-directory/339bee33bc83c8e05fbd004dcc732c0b/20715d40747e047ba8a4ce4c1d2672ef90161df5/ManifestCache.plist
: No such file or directory error MT1006: Could not install the
application
'/Users/georgecook/Desktop/test/iOS/bin/iPhone/Debug/test.iOS.app' on
the device Gandalf the white: Your application failed code-signing
checks. Check your certificates, provisioning profiles, and bundle
ids. Probably your device is not part of the selected provisioning
profile (error: 0xe8008015).
No idea why this is suddenly happening - this is really not good - how to resolve this?
I tripped over this one recently too.
The key is this part of the message:
Your application failed code-signing checks. Check your certificates, provisioning profiles, and bundle ids. Probably your device is not part of the selected provisioning profile
Likely, your provisioning profile has expired. The easiest way to solve this is to launch Xcode, create an empty project, and hit Run. This will go over a series of dialog boxes offering you to fix your provisioning profile until it deploys. Once this happens, you can switch back to Visual Studio/Xamarin Studio and deploy.
One reason this can happen is if you have multiple developer accounts set up in XCode. Here are the steps
Verify that your device is on Apple member center
Verify that your device is part of the relevant provisioning profile
Repeat steps 1 and 2 for each account
Create a new project in XCode and run it on the device. XCode may ask you to select the team (if you have multiple accounts)
If you have multiple developer accounts (teams) set up in XCode, the repeat step 4 each time with a new project and select a different team each time.
These steps ensure that XCode clears the way for Xamarin. The idea is that Xamarin does not allow you to decide which "team" to use, so you want to make sure that XCode has done the setup for EVERY team.
I just had this ManifestCache.plist : No such file or directory problem. I checked device logs (View -> Pads -> iOS Device Log) to see why it was happening. Logs said it was rejecting an upgrade. Upgrade, I thought to myself, that doesn't sound right...then I remembered I had an app on my iPhone with the same identifier to.dima.application from a previous version which I forgot to uninstall. Removing the old app cleared up this issue for me. Hope this helps anyone else who has the same problem! :)
It works! I have found the solution.I was facing the same problem. Somehow there was a misconfiguration in Xamarin. The entitlements.plist had a wrong manuel entry. The cert ist checking all the values in it and if you have a manuel entry there it is not working anymore. Apple is searching somehow only for own entry they are needing.
I spent sometime on developer portal to find out the problem, it occurs because of distribution APNS or development. It did not fixed, after restoring all provisioning profiles and certificates, . In my case solution was letting Xamarin choose signing profiles. I did not use info.plist auto signing which did not solve either but changing Project -> iOS Bundle Signing -> Signing identity, Provisioning Profile Auto solved all issues for development and production cases.
I had the same issue, and so I opened Xcode and updated all my profiles, but nothing happened. So I added the device UDID in the developer portal to the team I was developing for, went to Xcode and updated the profiles again, and then it worked. Don't know if the device must be registered to be able to build to device or this triggered some other update to my profiles that suddenly made it work.
Today they published a new revision of the Apple Developer Licence agreement.
The error message was essentially the same as OP's. The true reason only became apparent when creating a new project in XCode on the Mac, where more useful warnings show up in the "Deployment info" section of the "General" tab.
I had to log in to apple.developer.com, there was a red panel asking me to accept the new licence conditions, and as soon as I did that, deploying apps from Xamarin immediately worked again.
Note: I've found several questions similar on here, but the one's that were resolved did not work for me. So I thought I'd open a new question.
I rebooted our server 2012 box, which hosts our new .net applications. After doing so, I started receiving a 503 error. Upon investigation, it seemed like an identity problem.
Before going much further, I should state that this account has worked for several months now. I've rebooted before, and everything started fine.
So I'm getting the (quite common) 5059, 5057, and 5021 errors in the log. They boil down to this:
The identity of application pool SVFileUpload is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.
I thought I would just ensure the password and account were correct, so I go to the application pool, select identity-> custom and ensure it's set up right. I get an error:
There was an error while performing this operation. Details: Keyset does not exist (Exception from HRESULT: 0x80090016)
This was strange to me, so I tried setting the app pool to a built in account, and it worked fine. I get this error anytime I try to set to a custom account. Also, no app pools that are using custom accounts will run.
I googled a bit, unsure which error was the one I needed to track. I have tried:
registering the account on the command line via the aspnet_ tool
Making sure the user was in the IIS_IUSRS group
changing the permissions on C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys file(s)
adding a completely new user and trying to set an app pool to that users account
There was a couple other random things I tried from googling but I don't remember.
This error doesn't make sense to me, and it seems random. I need help figuring out 1) why I can't set an app pool to a custom account and 2) why the identity isn't working for my applications anymore
-Edit
I recently removed and re-added the user account I've been working with. I think that solves that problem. The problem remaining is I can't update the application pool because of the "keyset does not exist" error.
I found a couple of links that led me to a solution.
In c:\windows\system32\inetsrv\config\applicationHost.config I removed all the configProtectedData entries.
Then I removed everything in %ALLUSERSPROFILE%\Microsoft\Crypto\RSA\MachineKeys
I ran iissetup.exe /install SharedLibraries from the inetsrv directory, which resulted in a "Failed = 0x80070005"
I then was able to set up my application pools as if nothing happened.
See also https://techcommunity.microsoft.com/t5/IIS-Support-Blog/Keyset-does-not-exist-exception-from-HRESULT-0x8009000D-or-or/ba-p/342955 for a more detailed explanation
I ran the iisreset command and my problem was sovled
I had the same error-message because my user was not member of the "Local Administrators" group.
I was able to connect to the server because I was member of the "Remote Desktop Users" group.
I was able to open IIS Management and to change settings, but when I clicked on the "OK" or "Save" button - I got the "Keyset does not exist" - error message.
So my advice - check if you are an administrator.
I tried to change the Identity of Application Pool on a remote server and it failed with the above error.
I RDP into the remote machine and then tried to update the Identity using local IIS Manager and it worked.
For anyone on Windows server 2008 stumbling into this error:
this may occur when you are managing the IIS instance from another server using the remote management feature ('connect to another computer').
I resolved by managing the IIS instance from the server itself.
https://support.microsoft.com/en-hk/help/977754/-keyset-does-not-exist-error-message-when-you-try-to-change-the-identi
Since I am working on a fresh server I was able to uninstall the IIS Windows Feature and then re-add it.
I was able to change the App Pool Identity after that with no issues.
delete the rsa found here C:\Users\usernamn\AppData\Roaming\Microsoft\Crypto\RSA
MAKE A BACKUP JUST TO BE SURE WORKED FOR ME